Sagar Banwa

5 exploits Active since Dec 2020
CVE-2020-36955 EXPLOITDB MEDIUM text WORKING POC
Grav CMS 1.6.30 - XSS
Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the page is viewed in the admin panel or on the site.
CVSS 6.4
CVE-2020-29239 EXPLOITDB MEDIUM text WORKING POC
Online Birth Certificate System Project V 1.0 - XSS
Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker can able to steal the cookie according to the crafted payload.
CVSS 6.1
EIP-2026-113309 EXPLOITDB text WORKING POC
WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)
CVE-2020-29240 EXPLOITDB MEDIUM text WORKING POC
Lepton-CMS 4.7.0 - XSS
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.
CVSS 4.8
EIP-2026-104343 EXPLOITDB text WORKING POC
mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting